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DETAILED ACTION 

This Office Action is in response to the application filed on 10/24/2003. Claims 1-34 are 
pending and have been examined. 

Specification 

The disclosure is objected to because of the following informalities: paragraph 
[0052], line 1, a "base component 506" should be "base component 508". 
Appropriate correction is required. 

Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claims 25-31 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject mater. 

Claim 25 is rejected under 35 U.S.C. 101 because it recites " a computer-readable 
medium having encoded thereon code". In the Specification, paragraph [0029], it 
recites "computer storage media includes, but is not limited to, RAM, ROM, EEPROM, 
flash memory or other memory technology, CDROM, digital versatile disks (DVD) or 
other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or 
other magnetic storage devices, or any other medium which can be used to store the 
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desired information and which can accessed by computer 110. Communication media 
typically embodies computer readable instructions, data structures, program modules or 
other data in a modulated data signal such as a carrier wave or other transport 
mechanism and includes any information delivery media. The term "modulated data 
signal" means a signal that has one or more of its characteristics set or changed in 
such a manner as to encode information in the signal. By way of example, and not 
limitation, communication media includes wired media such as a wired network or 
direct-wired connection, and wireless media such as acoustic, RF, infrared and other 
wireless media. Combinations of any of the above should also be included within the 
scope of computer readable media". 

Encoding information in the signal is non-statutory. A computer-readable medium 
includes signal (see paragraph [0029) is non-statutory. 
Claims 24-31 are also rejected by virtue of their dependencies. 

Claim Rejections - 35 USC § 112 

The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 1-25 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite for 
failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. 
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Claim 1 recites the limitation "software object" in line 6 and 1 1 . There is insufficient 
antecedent basis for this limitation in the claim. 

Claims 2 recites the limitation "tokens" in line 3. A meaning of "token" could not be 
found in the specification. The definition of token is "something representing something 
else". Its meaning is unclear. This ambiguity renders claim 2 indefinite. 
Claims 2-12 are also rejected by virtue of their dependencies. 

Claim 13 recites the limitation "assurance" in line 9. There is insufficient antecedent 
basis for this limitation in the claim. 

Claim 14 recites the limitation "the resistance" in line 1. There is insufficient antecedent 
basis for this limitation in the claim. 

Claim 17 recites the limitation "first of said plurality of data". There is insufficient 
antecedent basic for this limitation in the claim. 

Claims 14-24 are also rejected by virtue of their dependencies. 

Claim 20 recites the limitation "security policy" in line. There is insufficient antecedent 

basis for this limitation in the claim. 

Claim 25 recites the limitation "on first and second classes of data" in line 2. There is 
insufficient antecedent basis for this limitation in the claim. Also, Claim 25 recites the 
limitation "classes of data". A meaning of "classes of data" could not be found in the 
specification. Its meaning is unclear. This ambiguity renders claim 25 indefinite. 
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Claim Rejections - 35 (JSC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1, 8-14, 20, 23-26, and 32-34 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Paul England et al. (hereinafter England, "A trusted Open Platform", IEEE 
Computer Society, July 2003, pp. 55-62). 

As per claim 1, England teaches a system that manages the partitioning of an 
application comprising: a base layer that hosts the operation of a first environment and 
a second environment, the application comprising: 

a first software object that executes in said first environment, said first software 
object handling a plurality of data and including logic to identify a first of said plurality of 
data as not processable by said software object [fig. 2, pg. 58, col. 2, "Figure 2 shows 
an NGSCB ... represents soft-"; pg. 59, par. [1]; application runs in normal mode 
(i.e. left half of figure). It would not process a data of trusted mode (i.e. right half 
of figure]; 
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and a second software object that executes in said second environment and that 
processes said first of said plurality of data in a manner that resists tampering with said 
first of said plurality of data [fig. 2, pg. 58, col. 2, "Figure 2 shows an NGSCB ... 
represents soft-"; pg. 59, col. 1, par. [1]; application runs in trusted mode (i.e. 
right half of figure)]. 

said base layer comprising or hosting logic that receives said first of said plurality 
of data from said software object and routes said first of said plurality of data to said 
second environment [fig. 2, pg. 58, col. 2, "Figure 2 shows an NGSCB ... represents 
soft-"; pg. 59, col. 1, par. [1] & par. [2]; a machine monitor hosts applications 
running on normal mode and trusted mode]. 

As per claim 8, England teaches the system of claim 1, wherein said base layer 
comprises a component that assigns a first identifier to said second environment [pg. 
56, col. 2 to pg. 57, col. 1, "Definition of code ID ... For example, in the common"; 
fig. 1 & fig. 2; a code ID is equivalent to identifier. A base layer is equivalent to a 
machine monitor]. 

As per claim 9, England teaches the system of claim 8, wherein said first of said 
plurality of data includes, or is accompanied by, said first identifier and a second 
identifier that identifies said second software object [pg. 56, col. 2 to pg. 57, col. 1, 
"Definition of code ID ... For example, in the common"; fig. 1 & fig. 2; a code ID is 
equivalent to identifier. A base layer is equivalent to a machine monitor]. 
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As per claim 10, England teaches the system of first environment is associated with a 
first specification that describes the behavior of said first environment, wherein said 
second environment is associated with a second specification that describes the 
behavior of said second environment, wherein there is a higher level of assurance that 
said second environment will conform to said second specification than that said first 
environment will conform to said first specification [fig. 2, pg. 58, col. 2, "Figure 2 
shows an NGSCB... represent soft-"; pg. 59, col. 1, par. [1]; It is inherent that a 
first environment running on the LHS which relates to assurance is associated . 
with specification that describe its behavior. A level of assurance of the trusted 
mode (i.e. RHS) is relatively higher than a level of assurance of the normal mode 
(i.e. LHS)]. 

As per claim 11, England teaches the system of claim 10, wherein said second 
software object relies upon the behavior of the second environment in order to resist 
tampering with said first of said plurality of data [fig. 2; application runs on RHS]. 

As per claim 12, England teaches the system of claim 1 , wherein said base layer is 
said second environment, or is included within said second environment [fig. 2, 
machine monitor]. 



Application/Control Number: 10/693,749 Page 8 

Art Unit: 2139 

As per claim 13, England teaches a method of a first software object, which executes 
in a first environment, handling data to which a policy applies, the method comprising: 
the first software object encountering the data [fig. 2, pg. 58, col. 2, "Figure 2 
shows an NGSCB ... represents soft-"; pg. 59, par. [1]; application runs in normal 
mode (i.e. left half of figure). It's inherent that a first software object encountering 
a data]; 

the first software object determining that the data is not processable by the first 
software object [fig. 2, pg. 58, col. 2, "Figure 2 shows an NGSCB ... represents 
soft-"; pg. 59, par. [1]; application runs in normal mode (i.e. left half of figure)]; 

the first software object causing the data to be provided to a second software 
object that executes in a second environment that provides a first level of assurance 
that actions performed in the second environment will be performed correctly, wherein 
the second software object processes the data in a manner that uses said assurance to 
resist tampering with the data by acts arising outside of the second environment [fig. 2; 
pg. 58, col. 2 to pg. 59, col. 1 , "NGSCB SYSTEM OVERVIEW... more hardware- 
based monotonic counters". Application runs on the left hand side (LHS) in 
normal mode. A right hand side (RHS) has Nexus and application or agent 
running on it. The nexus is a high-assurance OS kernel; a machine monitor 
monitors applications running on normal mode and trusted mode. It isolates a 
two systems to prevent them interfering with each other]. 
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As per claim 14, England teaches the method of claim 13, wherein the resistance to 
tampering comprises a resistance to a change in said data [pg. 59, par. [2]; "The 
authenticated operation primitives enables each operating system ... from other 
operating system"; pg. 57, par. [4]; "seal uses an authentication encryption 
primitive to encrypt this data structure and to protect its integrity"; seal storage is 
another way to encrypt information]. 

As per claim 20, England teaches the method of claim 13, wherein said security policy 
specifies that said data is to be handled by said second software object [pg. 59, col. 1, 
par. [1], "The right half of the figure ... from interfering with each other"; an 
application (i.e. second software object) runs on a high-assurance environment 
(i.e. RHS)] 

As per claim 23, England teaches the method of claim 13, wherein said second 
environment is associated with a first specification that describes the behavior of said 
second environment, and wherein said assurance provides that said second 
environment will conform to said specification [fig. 2, pg. 59, col. 1, par. [1]; It is 
inherent that a second environment run on the RHS which relates to high- 
assurance is associated with specification that describe its behavior]. 

As per claim 24, England teaches the method of claim 13, wherein said first 
environment is associated with a second specification that describes the behavior of 
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said first environment, and wherein said first environment provides a second level of 
assurance that actions performed in the first environment will be performed correctly, 
said second level of assurance being relatively lower than said first level of assurance 
[fig. 2, pg. 58, col. 2, "Figure 2 shows an NGSCB... represent soft-"; pg. 59, col. 1, 
par. [1]; It is inherent that a first environment run on the LHS which relates to 
assurance is associated with specification that describe its behavior. A level of 
assurance of the normal mode (i.e. LHS) is relatively lower than a level of 
assurance of the trusted mode (i.e. RHS)]. 

As per claim 25, England teaches a computer-readable medium having encoded 
thereon code and data to allow a user to operate on first and second classes of data, 
said second class of data requiring a relatively higher level of protection from tampering 
than said first class of data, said code and data comprising: 

a first software object associated with a first specification that describes the 
behavior of said first software object, said first software object comprising instructions 
to: 

operate on members of said first class of data [fig. 2, application runs its data 
in a normal mode]; 

recognize a member of said second class of data as not being processable by 
said first software object [fig. 2, normal mode can not process data of trusted 
mode]; and 

cause said member of said second class of data to be routed to a second 
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software object [fig. 2, machine monitor routes data from normal mode to trusted 
mode]; and 

said second software object, which is associated with a second specification that 
describes the behavior of said second software object, there being a relatively higher 
level of assurance that said second software object will conform to said second 
specification than that said first software object will conform to said first specification, 
said second software object comprising instructions to operate on members of said 
second class of data [fig. 2; pg. 58, col. 2 , "Figure 2 shows an NGSCB ... 
represent soft-", pg. 59, col. 1, par. [1]]. 

As per claim 26, England teaches the computer-readable medium of claim 25, wherein 
said first software object operates in a first environment, wherein said second software 
object operates in a second environment, wherein said first environment is associated 
with a third specification that describes the behavior of said first software environment, 
wherein said second environment is associated with a fourth specification that describes 
the behavior of said second environment, wherein the level of assurance that said 
second environment will conform to said fourth specification is relatively higher than the 
level of assurance that said first environment will conform to said first specification, and 
wherein the assurance that said second software object will conform to said second 
specification derives from said second software object's reliance on the behavior of the 
second environment [fig. 2; pg. 58, col. 2 , "Figure 2 shows an NGSCB ... represent 
soft-", pg. 59, col. 1, par. [1]]. 



Application/Control Number: 10/693,749 
Art Unit: 2139 



Page 12 



As per claim 32, England teaches a system that supports the partitioning of an 
application into at least a first software object and a second software object, the system 
hosting a first environment and a second environment, the first software object running 
in the first environment, the second software object running in the second environment, 
the system comprising an application programming interface that exposes at least one 
of the following methods: 

a first method that receives from the first software object a first data object that 
comprises: (1) data processable by the second software object, and (2) a first identifier 
assigned by the system to the second environment; and that routes said first data object 
to said second environment based on said first identifier [fig. 2; pg. 58, col. 2, "Figure 
2 shows an NGSCB ... represent soft-", pg. 59, col. 1, par. [1]; pg. 56, col. 2, 
"Definition of code ID ... have been used elsewhere"; a code ID is equivalent to a 
first identifier] . 

As per claim 33, England teaches the system of claim 32, wherein said first 
environment is associated with a first specification that describes the behavior of said 
first environment, wherein said second environment is associated with a second 
specification that describes the behavior of said second environment, wherein there is a 
first level of assurance that said first environment will conform to said first specification, 
wherein there is a second level of assurance that said second environment will conform 
to said second specification, and wherein said second level of assurance is relatively 



Application/Control Number: 10/693,749 Page 13 

Art Unit: 2139 

higher than said first level of assurance [fig. 2, pg. 58, col. 2, "Figure 2 shows an 
NGSCB... represent soft-"; pg. 59, col. 1, par. [1]; It is inherent that a first 
specification that describes a behavior of a first environment running oh the LHS 
(i.e. normal mode). A second specification describes a behavior of a second 
environment running on the RHS (i.e. trusted mode). A level of assurance of 
trusted mode is higher than a level of normal mode] 

As per claim 34, England teaches the system of claim 33, wherein said second 
software provides assurance that said second software object will protect data, said 
assurance being provided at least in part by relying on the behavior of the second 
environment [fig. 2, pg. 59, par. [1]; applications run on a trusted mode (i.e. high- 
assurance)]. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 
USPQ 459 (1966), that are applied for establishing a background for determining 
obviousness under 35 U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art. 
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2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating 
obviousness or nonobviousness. 



Claims 2-7, 15-19, 29, and 30-31 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over by Paul England et al. (hereinafter England, "A trusted Open 
Platform", IEEE Computer Society, July 2003, pp. 55-62), in view of Willman et al 
(hereinafter Willman, US 2005/0033980 A1). 

As per claim 2, England does not explicitly teach the system of first software object 
causes a representation of said first of said plurality of data to be displayed on a display 
device, said representation comprising one or more indecipherable tokens. 

Willman teaches the system of first software object causes a representation of 
said first of said plurality of data to be displayed on a display device, said representation 
comprising one or more indecipherable tokens [par. [0012]; " secure output is 
similar. The information ... intercept it and read it"; an indecipherable token is 
equivalent to encrypted information]. 

Thus, it would have been obvious to the person of ordinary skill in the art at the 
time the invention was made to modify the system of England of the invention by 
including the step of Willman because it would provide secure input and output 
[Willman, par. [0012]]. 
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As per claim 3, Willman further teaches the system of claim 2, wherein said one or 
more indecipherable tokens are either: 

(1) the same size as each other [par, [0012]; an encrypted information can be 
the same or different size], or 

(2) of sizes that are unrelated to the content of said first of said plurality of data 
[par. [0012]; an encrypted information can be the same or different size]. 

As per claim 4, England does not explicitly teach the system of the resistance to 
tampering provided by said second software object comprises said second environment 
resisting interference with the display of said first of said plurality of data by writing a 
representation of said first of said plurality of data into a video memory associated with 
a display device so as to cause said representation to supersede any image at a 
location on said display device at which said representation is to be displayed. 

Willman teaches the system of the resistance to tampering provided by 
said second software object comprises said second environment resisting interference 
with the display of said first of said plurality of data by writing a representation of said 
first of said plurality of data into a video memory associated with a display device so as 
to cause said representation to supersede any image at a location on said display 
device at which said representation is to be displayed [par. [0012]; NGSCB provides a 
secure output (i.e. RHS). "The information that appears onscreen can be 
presented ... intercept it and read it"]. 

Thus, it would have been obvious to the person of ordinary skill in the art at the 
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time the invention was made to modify the system of England of the invention by 
including the step of Willman because it would provide secure input and output 
[Willman, par. [0012]]. 

As per claim 5, England does not teach the system of first of said plurality of said is 
entered on a keyboard, and wherein the resistant to tampering provided by said second 
software object comprises resisting tampering with said first of said plurality of data in 
transit from said keyboard to an input stream of said second' software object. 

Willman teaches the system of first of said plurality of said is entered on a 
keyboard, and wherein the resistant to tampering provided by said second software 
object comprises resisting tampering with said first of said plurality of data in transit from 
said keyboard to an input stream of said second software object [par. [0012], line 1-3; 
"keystrokes are encrypted before they can be read by software and decrypted 
once they reach the RHS"]. 

Thus, it would have been obvious to the person of ordinary skill in the art at the 
time the invention was made to modify the system of England of the invention by 
including the step of Willman because it would provide secure input and output 
[Willman, par. [0012]]. 

As per claim 6, England further teaches the system of claim 5, wherein said second 
application signs said first of said plurality of data to prevent subsequent tampering with 
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said first of said plurality of data [fig. 2, pg. 61, col. 1 "Document signing ... or certify 
the signing keys"]. 

As per claim 7, England further teaches the system of claim 6, wherein said second 
environment signs said first of said plurality of data and the signature created by said 
second application as an indication that said first of said plurality of data and said 
signature were created in said second environment [fig. 2, pg. 61, col. 1 "Document 
signing ... or certify the signing keys"]. 

As per claims 15, England does not explicitly teach a data is to be displayed on a 
visual display device, and wherein the resistance to tampering comprises displaying a 
representation of said data in a location on said visual display device and superseding 
any image other than said representation that is rendered at said location. 

Willman teaches a data is to be displayed on a visual display device, and 
wherein the resistance to tampering comprises displaying a representation of said data 
in a location on said visual display device and superseding any image other than said 
representation that is rendered at said location [par. [0012]; NGSCB provides a 
secure output (i.e. RHS). "The information that appears onscreen can be 
presented ... intercept it and read it"]. 

Thus, it would have been obvious to the person of ordinary skill in the art at the 
time the invention was made to modify the method of England of the invention by 
including the step of Willman because it would provide secure input and output 
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[Willman, par. [0012]]. 

As per claim 16, England does not explicitly teach a first software object causes a 
representation of the data to be displayed on a visual display device, said 
representation comprising one or more indecipherable tokens. 

Willman teaches the method of claim 1 3, wherein said first software object 
causes a representation of the data to be displayed on a visual display device, said 
representation comprising one or more indecipherable tokens [par. [0012]; " secure 
output is similar. The information ... Intercept it and read it"; an indecipherable 
token is equivalent to encrypted information]. 

Thus, it would have been obvious to the person of ordinary skill in the art at the 
time the invention was made to modify the method of England of the invention by 
including the step of Willman because it would provide secure input and output 
[Willman, par. [0012]]. 

i 

As per claim 17, Willman further teaches the method of claim 16, wherein said 
representation are either: 

(1) the same size as each other [par. [0012]; an encrypted information can be 
the same or different size], or 

(2) of sizes that are unrelated to the content of said first of said plurality of data 
[par. [0012]; an encrypted information can be the same or different size]. 
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As per claim 18, Willman further teaches the method of claim 16, wherein said first 
software object or said second software object, or a combination of said first software 
object and said second software object, cause items displayed on said visual display 
device to be changed in at least one respect to permit viewing of an image of the data 
produced by said second software object [par. [0012]; "The information that appears 
onscreen ... no one else can intercept it and read it"; a secure out put is 
produced by application running on the RHS]. 

As per claim 19, England does not explicitly teach a data is provided using a keyboard, 
and wherein the resistance to tampering comprises resisting a change to the data in 
transit from the keyboard to the input stream of the second software object. 

Willman teaches a data is provided using a keyboard, and wherein the resistance 
to tampering comprises resisting a change to the data in transit from the keyboard to the 
input stream of the second software object [par. [0012], line 1-3; "keystrokes are 
encrypted before they can be read by software and decrypted once they reach the 
RHS"]. 

Thus, it would have been obvious to the person of ordinary skill in the art at the 
time the invention was made to modify the method of England of the invention by 
including the step of Willman because it would provide secure input and output 
[Willman, par. [0012]]. 
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As per claim 29, England does not explicitly teach the computer-readable medium of 
first software object displays output on a visual display device, said output including one 
or more locations on said visual display device in which said member of said second 
class is to be displayed, and wherein said second software object displays a 
representation of said data of said second class in said one or more locations. 

Willman teaches the computer-readable medium of claim 25, wherein said 
first software object displays output on a visual display device, said output including one 
or more locations on said visual display device in which said member of said second 
class is to be displayed, and wherein said second software object displays a 
representation of said data of said second class in said one or more locations [par. 
[0012]; NGSCB provides a secure output (i.e. RHS). "The information that appears 
onscreen can be presented ... intercept it and read it"]. 

Thus, it would have been obvious to the person of ordinary skill in the art at the 
time the invention was made to modify the method of England of the invention by 
including the step of Willman because it would provide secure input and output 
[Willman, par. [0012]]. 

As per claim 30, Willman further teaches the computer-readable medium of claim 29, 
wherein said representation is displayed in said one or more locations by said second 
environment causing said representation to be written into a video memory associated 
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with said visual display device [fig. 1, a video interface 190, a monitor 191; par. 
[0036], lines 23-26]. 

As per claim 31, England does not teach the computer-readable medium of member of 
said second class comprises data to be entered using a keyboard, and wherein causing 
said member of said second class of data to be routed to said second software object 
comprises said second environment transporting said member of said second class 
from said keyboard to said second software object in a manner that resists tampering 
with said member of said second class by events arising outside of said second 
environment. 

Willman teaches the computer-readable medium of member of said 
second class comprises data to be entered using a keyboard, and wherein causing said 
member of said second class of data to be routed to said second software object 
comprises said second environment transporting said member of said second class 
from said keyboard to said second software object in a manner that resists tampering 
with said member of said second class by events arising outside of said second 
environment [par. [0012], line 1-3; "keystrokes are encrypted before they can be 
read by software and decrypted once they reach the RHS"]. 

Thus, it would have been obvious to the person of ordinary skill in the art at the 
time the invention was made to modify the method of England of the invention by 
including the step of Willman because it would provide secure input and output 
[Willman, par. [0012]]. 
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Claims 21-22 and 27-28 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over by Paul England et al. (hereinafter England, "A trusted Open Platform", IEEE 
Computer Society, July 2003, pp. 55-62), in view of Hayman et al. (hereinafter Hayman, 
US patent 5,895,966). 

As per claim 21, England does not explicitly teach data includes, or is associated with, 
a first label that identifies said second environment as a location in which said data is to 
be processed. 

Hayman teaches data includes, or is associated with, a first label that identifies said 
second environment as a location in which said data is to be processed [abstract, fig. 
3A, fig. 3B, col. 1, lines 63-64, col. 5, line 24 to col. 6, line 36; security labels are 
placed on each data file]. 

Thus, it would have been obvious to the person of ordinary skill in the art at the 
time the invention was made to modify the method of England of the invention by 
including the step of Hayman because it would provide a security system controls who 
has access to a computer system and the extent of access to the system's resources on 
the system is accessed [Hayman, col. 1, lines 8-10]. 

As per claim 22, Hayman further teaches the method of claim 21, wherein said data 
includes, or is associated with, a second label that identifies said second software 
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object as a processor for said data, and wherein said second environment routes said 
data to said second software object based on said second label [abstract, fig. 3A, fig. 
3B, col. 1, lines 63-64, col. 5, line 24 to col. 6, line 36]. 

As per claim 27, England does not explicitly teach the computer-readable medium of 
each member of said second class of data comprises: (1) a first label indicating that 
said member of said second class is to be processed in said second environment, and 
(2) a second label assigned by said second environment indicating that said member of 
said second class is to be processed by said second software object. 

Hayman teaches the computer-readable medium of each member of said second 
class of data comprises: (1) a first label indicating that said member of said second 
class is to be processed in said second environment, and (2) a second label assigned 
by said second environment indicating that said member of said second class is to be 
processed by said second software object [abstract, fig. 3A, fig. 3B, col. 1, lines 63- 
64, col. 5, line 24 to col. 6, line 36]. 

Thus, it would have been obvious to the person of ordinary skill in the art at the 
time the invention was made to modify the method of England of the invention by 
including the step of Hayman because it would provide a security system controls who 
has access to a computer system and the extent of access to the system's resources on 
the system is accessed [Hayman, col. 1, lines 8-10]. 
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As per claim 28, Hayman further teaches the computer-readable medium of claim 27, 
wherein said first software object causes said member of the second class to be routed 
to said second software object by sending said member of the second class to a base 
component, said first label being assigned by said base component, said second label 
being recognizable by said second environment and not by said base component 
[abstract, fig. 3A, fig. 3B, col. 1, lines 63-64, col. 5, line 24 to col. 6, line 36]. 



Double Patenting 

The nonstatutory double patenting rejection is based on a judicially created 
doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the 
unjustified or improper timewise extension of the "right to exclude" granted by a patent 
and to prevent possible harassment by multiple assignees. A nonstatutory 
obviousness-type double patenting rejection is appropriate where the conflicting claims 
are not identical, but at least one examined application claim is not patentably distinct 
from the reference claim(s) because the examined application claim is either anticipated 
by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 
F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 
USPQ2d 2010 (Fed! Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 
1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 
F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 
USPQ 644 (CCPA 1969). 

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) 
may be used to overcome an actual or provisional rejection based on a nonstatutory 
double patenting ground provided the conflicting application or patent either is shown to 
'be commonly owned with this application, or claims an invention made as a result of 
activities undertaken within the scope of a joint research agreement. 

Effective January 1, 1994, a registered attorney or agent of record may sign a 
terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 
37 CFR 3.73(b). 



Claim 1 is provisionally rejected on the ground of nonstatutory obviousness-type 
double patenting as being unpatentable over claim 1 of copending Application 
10/638,199 (Publication No: US 2005/0033980). Although the conflicting claim is not 
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identical, they are not patentably distinct from each other because for the following 
reasons. 

Claim 1 maps into claims 1 and 2 of the copending application. 

Conclusion 

The prior arts made of record and not relied upon are considered pertinent to 
applicant's disclosure. 

U.S. Patent Application Publication No. 2003/0041255 A1 to Chen et al.; 

U.S. Patent Application Publication No. 2003/0101322 A1 to Gardner, Robert D.; 

U.S. Patent Application Publication No. 2004/0210764 A1 to McGrath et al.; 

U.S. Patent Application Publication No. 2004/0230794 A1 to England et al.; 

U.S. Patent Application Publication No. 2004/0250036 A1 to Willman et al.; 

U.S. Patent No. 7,039,801 B2 to Narin, Attila; 

U.S. Patent No. 7,043,616 B1 to McGrath, Kevin J.; 

U.S. Patent No. 7,082,507 B1 to Christie et al.; 

U.S. Patent No. 7,130,951 B1 to Christie et al.; 

U:S. Patent No. 7,130,977 B1 to Christie et al.; 

U.S. Patent No. 7,146,477 B1 to Strongin et al.; 

U.S. Patent No. 7,165,135 B1 to Christie et al.; 

U.S. Patent No. 5,892,900 A to Ginter et al.; 

U.S. Patent No. 6,397,242 B1 to Devine et al.; 
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U.S. Patent No. 6,496,847 B1 to Bugnion et al.; 
U.S. Patent No. 6,490,720 B1 to Carlsen et al.; 
U.S. Patent Application Publication No. 2002/0184520 to Bush et al.; 

Garfinkel, T. "Terra: A Virtual Machine-Based Platform for Trusted Computing", 
ACM SOSP. Proceedings of the ACM Symposium on Operating Systems Principles, 
October 19-22, 2003, 193-206, XP-002340992. 

England, P. et al., "A Trusted Open Platform", Computer, July 2003, 55-62, XP- 
002375734. 

Di Penta, M. et al., "Knowledge-Based Library Re-Factoring for an Open Source 
Project", Proceedings of the 9th Working Conference on Reserve Engineering, 2002, 
319-328 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Canh Le whose telephone number is 571-270-1380. 
The examiner can normally be reached on Monday to Friday 7:30AM to 5:00PM other 
Friday off. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
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applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO 
Customer Service Representative or access to the automated information system, call 
800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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